SoylentNews

mendax [soylentnews.org] writes:

"Totally uselsss", the article [theregister.co.uk] from El Reg dubs it:

WD's My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed.

Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and "modg" – have tried out six models in the WD My Passport family, and found blunders in the designs.

For example, on some models, the drive's encryption key can be brute-forced, which is bad news if someone steals the drive: decrypting it is child's play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems. [...]

"In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."

My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically safe, and only cycles through a series of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information for this key to be recreated by brute-force, we're told.

"An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 240,"....

The paper that describes their exploit can be found here [iacr.org].

Original Submission